Hi All,
We are working on mitigating the Log4j2 vulnerability by removing the JndiLookup class as described here:
We are using version 7.9.2 for all ELK components and currently we can't upgrade to newer version.
My question, is the JndiLookup being used by logstash ? Is there any impact expedted if it was removed or it is safe to remove it?
Thanks a lot
Not unless you have configured your log4j2.properties to contain a JNDI lookup. (This would be very unusual, and is definitely not something you could do by accident.)
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.